Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 501 VPN Clients - Hub Spoke topology

I think I already know the answer is no, however I would like this to be confirmed.

We have multiple IPSEC VPN Clients accessing a cisco pix 501. The pix allocates them an address on the main site lan and the clients can all communicate fine with devices on that LAN.

The question is can a VPN Client route traffic to another VPN Client on the same CISCO PIX.

I.e,

Client A gets IP address 10.0.1.20

Client B gets IP Address 10.0.1.21

is it possible to route traffic between 10.0.1.20 and 10.0.1.21?

Thanks

3 REPLIES

Re: PIX 501 VPN Clients - Hub Spoke topology

so basically the traffic comes in the outside interface, and is suppose to leave the outside interface, correct?

VPN Hairpin:

same-security-traffic permit intra-interface

Which is only available on PIX/ASA 7.x and higher. and your 501 cannot go any higher than 6.x.

Anthony Holloway

Please use the star ratings to help drive great content to the top of searches.
New Member

Re: PIX 501 VPN Clients - Hub Spoke topology

Thanks for the prompt response, would a Cisco Pix 515 support this with the correct firmware?

Do you know if all new PIX 515 and above come with 7.x firmware or does this have to be added?

Regards Richard

Re: PIX 501 VPN Clients - Hub Spoke topology

Take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml

Anthony Holloway

Please use the star ratings to help drive great content to the top of searches.
280
Views
4
Helpful
3
Replies